Export limit exceeded: 360316 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (360316 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2009-3474 | 1 Internet2 | 3 Opensaml, Shibboleth-sp, Xmltooling | 2026-04-23 | N/A |
| OpenSAML 2.x before 2.2.1 and XMLTooling 1.x before 1.2.1, as used by Internet2 Shibboleth Service Provider 2.x before 2.2.1, do not follow the KeyDescriptor element's Use attribute, which allows remote attackers to use a certificate for both signing and encryption when it is designated for just one purpose, potentially weakening the intended security application of the certificate. | ||||
| CVE-2009-3478 | 2 Mozilla, Nightlight | 2 Firefox, Fireftp | 2026-04-23 | N/A |
| Argument injection vulnerability in (1) src/content/js/connection/sftp.js and (2) src/content/js/connection/controlSocket.js.in in FireFTP Extension 1.0.5 for Firefox allows remote authenticated SFTP users to cause victims to alter permissions, delete, download, or move the wrong file via a filename containing " (double quotes), which is not properly filtered or encoded when FireFTP constructs the command to send to psftp.exe. | ||||
| CVE-2009-3486 | 1 Juniper | 1 Junos | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in the J-Web interface in Juniper JUNOS 8.5R1.14 allow remote authenticated users to inject arbitrary web script or HTML via the host parameter to (1) the pinghost program, reachable through the diagnose program; or (2) the traceroute program, reachable through the diagnose program; or (3) the probe-limit parameter to the configuration program; the (4) wizard-ids or (5) pager-new-identifier parameter in a firewall-filters action to the configuration program; (6) the cos-physical-interface-name parameter in a cos-physical-interfaces-edit action to the configuration program; the (7) wizard-args or (8) wizard-ids parameter in an snmp action to the configuration program; the (9) username or (10) fullname parameter in a users action to the configuration program; or the (11) certname or (12) certbody parameter in a local-cert (aka https) action to the configuration program. | ||||
| CVE-2009-3489 | 1 Adobe | 1 Photoshop Elements | 2026-04-23 | 7.8 High |
| Adobe Photoshop Elements 8.0 installs the Adobe Active File Monitor V8 service with an insecure security descriptor, which allows local users to (1) stop the service via the stop command, (2) execute arbitrary commands as SYSTEM by using the config command to modify the binPath variable, or (3) restart the service via the start command. | ||||
| CVE-2009-3490 | 2 Gnu, Redhat | 2 Wget, Enterprise Linux | 2026-04-23 | N/A |
| GNU Wget before 1.12 does not properly handle a '\0' character in a domain name in the Common Name field of an X.509 certificate, which allows man-in-the-middle remote attackers to spoof arbitrary SSL servers via a crafted certificate issued by a legitimate Certification Authority, a related issue to CVE-2009-2408. | ||||
| CVE-2009-3491 | 2 Joomla, Kinfusion | 2 Joomla\!, Com Sportfusion | 2026-04-23 | N/A |
| SQL injection vulnerability in the Kinfusion SportFusion (com_sportfusion) component 0.2.2 through 0.2.3 for Joomla! allows remote attackers to execute arbitrary SQL commands via the cid[0] parameter in a teamdetail action to index.php. | ||||
| CVE-2009-3492 | 1 Gotdns | 1 Loggix Project | 2026-04-23 | N/A |
| Multiple PHP remote file inclusion vulnerabilities in Loggix Project 9.4.5 and earlier allow remote attackers to execute arbitrary PHP code via a URL in the pathToIndex parameter to (1) Calendar.php, (2) Comment.php, (3) Rss.php and (4) Trackback.php in lib/Loggix/Module/; and (5) modules/downloads/lib/LM_Downloads.php. | ||||
| CVE-2009-3493 | 1 Zenas | 1 Paobacheca Guestbook | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in Zenas PaoBacheca Guestbook 2.1 allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to (1) scrivi.php and (2) index.php. | ||||
| CVE-2009-3494 | 1 Todor Lazarov | 1 T-htb Manager | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors. | ||||
| CVE-2009-3495 | 1 Vastal | 1 Dvd Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to execute arbitrary SQL commands via the mag_id parameter, a different vector than CVE-2008-4465. | ||||
| CVE-2009-3496 | 1 Vastal | 1 Dvd Zone | 2026-04-23 | N/A |
| Cross-site scripting (XSS) vulnerability in view_mag.php in Vastal I-Tech DVD Zone allows remote attackers to inject arbitrary web script or HTML via the mag_id parameter. | ||||
| CVE-2009-3497 | 1 Vastal | 1 Agent Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_listing.php in Vastal I-Tech Agent Zone (aka The Real Estate Script) allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-3498 | 1 Hbcms | 1 Hbcms | 2026-04-23 | N/A |
| SQL injection vulnerability in php/update_article_hits.php in HBcms 1.7 allows remote attackers to execute arbitrary SQL commands via the article_id parameter. | ||||
| CVE-2009-3499 | 1 Bpowerhouse | 1 Bplawyercasedocuments | 2026-04-23 | N/A |
| SQL injection vulnerability in employee.aspx in BPowerHouse BPLawyerCaseDocuments 1.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter. | ||||
| CVE-2009-3500 | 1 Bpowerhouse | 1 Bpgames | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in BPowerHouse BPGames 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) cat_id parameter to main.php and (2) game_id parameter to game.php. | ||||
| CVE-2009-3502 | 1 Bpowerhouse | 1 Bpmusic | 2026-04-23 | N/A |
| SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter. | ||||
| CVE-2009-3503 | 1 Bpowerhouse | 1 Bpholidaylettings | 2026-04-23 | N/A |
| Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters. | ||||
| CVE-2009-3504 | 1 Alibabaclone | 1 Alibaba Clone | 2026-04-23 | N/A |
| SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. | ||||
| CVE-2009-3505 | 1 Vastal | 1 Mmorpg Zone | 2026-04-23 | N/A |
| SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460. | ||||
| CVE-2009-3506 | 1 Jean-michel Wyttenbach | 1 Cmsphp | 2026-04-23 | N/A |
| Multiple cross-site scripting (XSS) vulnerabilities in CMSphp 0.21 allow remote attackers to inject arbitrary web script or HTML via the (1) cook_user parameter to index.php and the (2) name parameter to modules.php. | ||||